Cleartext Transmission of Sensitive Information
| Property | Value |
|---|---|
| Language | java |
| Severity | |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The cookie is created without setting the ‘secure’ flag to true, so the browser will also attach it to requests sent over unencrypted HTTP connections. This exposes sensitive cookie data, such as session identifiers, to interception on the network path.
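The following servlet snippet is an added example, not code from the rule's documentation. It places the cookie construction this rule flags next to a hardened version so the difference is visible in a code review; the cookie name, the session identifier value and the `javax.servlet` package (Jakarta EE 9 and later use `jakarta.servlet`) are assumptions.

```java
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;

public class SessionCookieExample {

    // Flagged pattern: the cookie is never marked secure, so a browser will also
    // send it on plain http:// requests, where it can be read on the wire.
    static Cookie buildInsecureSessionCookie(String sessionId) {
        Cookie c = new Cookie("SESSIONID", sessionId); // constructed name/value
        c.setPath("/");
        return c;
    }

    // Hardened form: Secure restricts the cookie to HTTPS, HttpOnly keeps it out
    // of script access, and a bounded Max-Age limits how long a captured value
    // would remain usable.
    static Cookie buildSecureSessionCookie(String sessionId) {
        Cookie c = new Cookie("SESSIONID", sessionId); // constructed name/value
        c.setPath("/");
        c.setSecure(true);
        c.setHttpOnly(true);
        c.setMaxAge(30 * 60); // 30 minutes, an assumed session lifetime
        return c;
    }

    // Check a unit test or review helper can apply before the cookie is emitted.
    static boolean isRestrictedToTls(Cookie c) {
        return c.getSecure();
    }

    // Example of wiring the hardened cookie into a response; a hypothetical
    // caller would pass the servlet response it is handling.
    static void issueSession(HttpServletResponse response, String sessionId) {
        Cookie c = buildSecureSessionCookie(sessionId);
        if (!isRestrictedToTls(c)) {
            throw new IllegalStateException("session cookie must carry the Secure flag");
        }
        response.addCookie(c);
    }

    public static void main(String[] args) {
        Cookie insecure = buildInsecureSessionCookie("example-session-id");
        Cookie hardened = buildSecureSessionCookie("example-session-id");
        System.out.println("insecure cookie restricted to TLS: " + isRestrictedToTls(insecure));
        System.out.println("hardened cookie restricted to TLS: " + isRestrictedToTls(hardened));
    }
}
```

For the container-managed session cookie (typically `JSESSIONID`), the same flag can be set once for the whole application in `web.xml` with `<session-config><cookie-config><secure>true</secure></cookie-config></session-config>` (Servlet 3.0 and later), which avoids relying on every code path that creates cookies remembering to call `setSecure(true)`.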
Impact
If the secure flag is not set, attackers on the same network can easily capture cookies through network sniffing, potentially hijacking user sessions or accessing private data. This can lead to account compromise and unauthorized access to sensitive areas of the application.